<?php

// +---------------------------------------------+
// |     Copyright  2010 - 2018 InterPhoto       |
// |     http://www.weentech.com                 |
// |     This file may not be redistributed.     |
// +---------------------------------------------+


include('includes/InterPhoto.Core.php');

// Gate the page on the 'allowlogin' permission before any request data is
// processed.
// NOTE(review): CheckAccess() is defined in the core include; what it does on
// failure is not visible here -- confirm it stops the script rather than only
// emitting a message, otherwise the update handler below still runs.
CheckAccess('allowlogin');

// Requested action. The second argument is presumably the value returned when
// the request carries no 'action' field -- confirm in the core include.
$action = ForceIncomingString('action', 'editform');

// Template object used below through assign() and interPlay().
$smarty = new InterPhoto();


// Handle a submitted profile form: collect the fields, validate password and
// e-mail, then either write the account row or record the validation errors.
//
// NOTE(review): every request value read here is placed inside a quoted SQL
// literal as-is. Whether that is safe depends entirely on ForceIncomingString()
// (or the core include) escaping for SQL, which is not visible in this file --
// confirm it, and prefer bound parameters or the database driver's own
// escaping over string interpolation.
// NOTE(review): no anti-CSRF token check and no current-password check are
// visible in this file before the e-mail address and password are changed;
// confirm whether CheckAccess() or the core include covers either.
if ($action == 'updateuser')
{
	$password     = ForceIncomingString('password');
	$repassword   = ForceIncomingString('repassword');
	$email        = ForceIncomingString('email');
	$userfullname = ForceIncomingString('userfullname');
	$usercompany  = ForceIncomingString('usercompany');
	$useraddress  = ForceIncomingString('useraddress');
	$userpostcode = ForceIncomingString('userpostcode');
	$usertel      = ForceIncomingString('usertel');
	$userfax      = ForceIncomingString('userfax');
	$useronline   = ForceIncomingString('useronline');
	$userwebsite  = ForceIncomingString('userwebsite');

	// The password is optional: it is only validated when something was typed.
	if (strlen($password) > 0)
	{
		if (!IsPass($password))
		{
			$errors[] = $sys_langs['badpassword'];
		}
		elseif (strcmp($password, $repassword) != 0)
		{
			// The confirmation field must match the new password exactly.
			$errors[] = $sys_langs['passnotsame'];
		}
	}

	// The e-mail address is mandatory, has to pass IsEmail(), and must not be
	// registered to a different account.
	if (strlen($email) == 0)
	{
		$errors[] = $sys_langs['please_enter'].$langs['email'];
	}
	elseif (!IsEmail($email))
	{
		$errors[] = $sys_langs['bademail'];
	}
	elseif ($DB->query_first("SELECT email FROM " . TABLE_PREFIX . "users WHERE email = '$email' AND userid != '$userinfo[userid]' "))
	{
		$errors[] = $sys_langs['emailed'];
	}

	if (isset($errors))
	{
		// Validation failed: nothing is written, only the error heading is set.
		$errortitle = $langs['edit'].$langs['userinfo'].$sys_langs['error'];
	}
	else
	{
		// The password column is part of the SET list only when a new password
		// was entered (the Iif() call yields an empty string otherwise).
		// NOTE(review): md5() is an unsalted, fast digest and is not suitable
		// for password storage. Moving to password_hash()/password_verify()
		// also requires changing the login check, which is outside this file.
		$DB->query("UPDATE " . TABLE_PREFIX . "users SET ".Iif(strlen($password), "password = '". md5($password) . "',", "")."
		email       = '$email',
		userfullname       = '$userfullname',
		usercompany       = '$usercompany',
		useraddress       = '$useraddress',
		userpostcode       = '$userpostcode',
		usertel       = '$usertel',
		userfax       = '$userfax',
		useronline       = '$useronline',
		userwebsite       = '$userwebsite'												 
		WHERE userid      = '$userinfo[userid]'");

		$success = $sys_langs['savefinished'];

		// Reload the account record so the form shows what was just stored.
		$userinfo = GetUserInfo($userinfo['userid']);
	}

	// Success or failure, the edit form is rendered next.
	$action = 'editform';
}


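// Build the $user array that pre-fills the edit form.
//
// After a failed submission ($errors is set) the fields are refilled with what
// the user typed, so only the offending value has to be corrected. Otherwise
// the form starts from the stored account record in $userinfo.
if($action == 'editform')
{
	// Both password fields always start empty. The submitted plaintext
	// password is deliberately not handed back to the template after a
	// validation error, so it never appears in the generated HTML response
	// (page source, caches, browser history of the response body).
	$user = array('password'   => '',
	              'repassword' => '');

	if(isset($errors))
	{
		// NOTE(review): these values come straight from the request; the
		// template is expected to HTML-escape them on output -- not visible
		// in this file, confirm in mydesk.edit.tpl.
		$user['email']        = $email;
		$user['userfullname'] = $userfullname;
		$user['usercompany']  = $usercompany;
		$user['useraddress']  = $useraddress;
		$user['userpostcode'] = $userpostcode;
		$user['usertel']      = $usertel;
		$user['userfax']      = $userfax;
		$user['useronline']   = $useronline;
		$user['userwebsite']  = $userwebsite;
	}else{
		$user['email']        = $userinfo['email'];
		$user['userfullname'] = $userinfo['userfullname'];
		$user['usercompany']  = $userinfo['usercompany'];
		$user['useraddress']  = $userinfo['useraddress'];
		$user['userpostcode'] = $userinfo['userpostcode'];
		$user['usertel']      = $userinfo['usertel'];
		$user['userfax']      = $userinfo['userfax'];
		$user['useronline']   = $userinfo['useronline'];
		$user['userwebsite']  = $userinfo['userwebsite'];
	}
}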

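// Hand the form values to the template. In this file $user is only built when
// $action is 'editform'; for any other action value it was never set. Fall
// back to null explicitly instead of reading an undefined variable, which
// raises a PHP notice/warning and, where errors are displayed, can reveal
// server file paths to the visitor.
$smarty->assign('user', isset($user) ? $user : null);

// Values the template needs on every render: breadcrumb trail, the account
// record and the page title.
// NOTE(review): the breadcrumb HTML is concatenated from $langs entries and
// GetUrl() results without escaping; these are presumably site-controlled
// strings rather than request input -- confirm. $userinfo holds user-supplied
// profile fields, so the template must HTML-escape them when printing.
$pagenav = '<a href="'.GetUrl('index.php').'">'.$langs['home'].'</a> '
	.$langs['nav'].' <a href="'.GetUrl('mydesk.php').'">'.$langs['mydesk'].'</a> '
	.$langs['nav'].' <a href="'.GetUrl('mydesk.edit.php').'">'.$langs['edit'].$langs['userinfo'].'</a>';
$smarty->assign('pagenav', $pagenav);
$smarty->assign('userinfo', $userinfo);
$smarty->assign('pagetitle', $langs['edit'].$langs['userinfo'] . ' - ' .$mainsettings['siteTitle']);

// Render the profile edit template.
$smarty->interPlay('mydesk.edit.tpl');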

?>